
Wireless Security: Principles & Tools Sebastian Büttrich, NSRC edit: September 2010, GARNET


1 Wireless Security: Principles & Tools Sebastian Büttrich, NSRC edit: September 2010, GARNET http://creativecommons.org/licenses/by-nc-sa/3.0/

2 Reminder: Aspects of IT Security Confidentiality Integrity Availability Authenticity Non-repudiation Risk management

3 “Wireless Security” The term “wireless security” is most often used as synonym for “keeping unwanted users out of your network” & “encrypting traffic” This addresses to some extent (!) – Confidentiality – Integrity – Availability However, none of these are fully secured by “wireless security”!

4 “Wireless Security” The idea of “wireless security” seems to be changing: in the old days, it meant: “How do I keep the outsider out”? Maybe, today it means: “How do I keep the insider from clogging up my network?”

5 “Wireless Security” When discussing “wireless security”, don't assume that the wired side is so much more secure! Most threats are NOT specifically wireless! Biggest threats today probably: – Windows computers – Virus/bots/trojans – Uncontrolled file sharing – Systems not prepared for high bandwidth connectivity and many dynamic users

6 “Wireless Security” The idea of “wireless security” seems to be changing: in the old days, it meant: “How do I keep the outsider out”? Maybe, today it means: “How do I keep the insider from clogging up my network?”

7 “Wireless Security” A healthy way of looking at security on the network level: – The network is the streets and roads – Many people and vehicles travel on these roads – Streets and roads are open, or mostly open – we don't lock people into their houses – If we need to transport money from A to B – we use a protected vehicle (= “end-to-end security”)

8 General Security / Authentication Methods for Wireless Hidden / Closed networks May be found by passive sniffers anyway Misleading “Security by Obscurity”

9 General Security / Authentication Methods for Wireless Key based encryption of wireless network (WEP/WPA) WEP is easily crackable – merely symbolic safety WPA takes longer, but is crackable If anything, use WPA2 – but even that is vulnerable WPA might force you to offer a lot of user support

10 General Security / Authentication Methods for Wireless MAC (hardware address) based ACL MAC black/whitelisting on AP or gateways Might be useful for stable user groups, registered equipment Difficult to maintain, easy to spoof

11 General Security / Authentication Methods for Wireless Summary of key based and ACL methods While none of those offers 100% security, appropriate combinations may give reasonable protection All of these are hard to maintain with fast changing, large usergroups All of these pose communication challenges – how to hand out keys? How to keep MAC lists up-to-date?

12 Essential tools Reminder: think layers! Working with wireless security to some extent means working with compromising tools

13 Essential tools Physical layer: Spectrum analyzers: airview, wispy Packet sniffers: kismet – Netstumbler (windows) Network layer: etherape (no admin tool – just quick visual overview) General networking and management tools: wireshark, ntop, mrtg, rrdtool, nmap, mtr WEP/WPA/WPA2 cracking: aircrack etc Tool collections: backtrack

14 Spectrum Analyzers Real spectrum analyzers very expensive, but USB analyzers are a reasonable compromise e.g. AirView (2.4 GHz), WiSpy (2.4 – 5.8 GHz) Pure physical layer! They will show you non-WiFi stuff, like microwave ovens, jamming attempts, bluetooth phones, etc

15 Spectrum Analyzers: Airview

16 Spectrum Analyzers: WiSpy

17 analyzers / demo Offer for LAB!

18 What is kismet? Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It works in raw monitoring (rfmon) mode and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. It passively collects packets and uses them to detect standard named networks, to detect (and, given time, decloak) hidden networks, and to detect the presence of non-beaconing networks via their data traffic.

19 kismet - strengths Server – Client architecture Drones: distributed kismet servers running on remote devices, reporting back to central server, allow for the building of distributed reporting and intrusion detection systems Kismet is powerful - especially when combined with other tools like wireshark, nmap

20 kismet - Installing I The following guide assumes you are on Ubuntu 9.10 / GNU/Linux - but works for other systems accordingly.
Get kismet via apt-get (or synaptic):
$ apt-get install kismet
Edit /etc/kismet.conf - definition of sources is a must. Sources are defined as:
source=sourcetype,interface,name[,initialchannel]
For the list of sourcetypes, see the README or online documentation.

21 kismet - Installing II
$ vi /etc/kismet.conf
source=sourcetype,interface,name[,initialchannel]
e.g. source=ipw3945,wlan0,my_internal_card
Start kismet:
$ kismet
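Added example (not part of the original slides and not kismet's own code): a Python check for the source= lines described on slides 20 and 21, useful before starting kismet because at least one valid source must be defined. The function name parse_sources, the sample config and the "source names must be unique" rule are assumptions made for this illustration; only the first sample source line comes from the slides.

```python
# Constructed sample config; only the first source= line appears on the slides.
SAMPLE_CONF = """\
# constructed kismet.conf fragment
otherkey=placeholder_value
source=ipw3945,wlan0,my_internal_card
source=ipw3945,wlan1,usb_card,6
#source=ipw3945,wlan2,disabled_card
source=ipw3945,wlan3
source=ipw3945,wlan4,my_internal_card
source=ipw3945,wlan5,roof_card,six
"""

FORMAT = "sourcetype,interface,name[,initialchannel]"


def parse_sources(conf_text):
    """Return (sources, errors) for every active source= line in conf_text."""
    sources, errors, seen_names = [], [], set()
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "source":
            continue  # some other setting, not checked here
        fields = [f.strip() for f in value.split(",")]
        if len(fields) not in (3, 4) or "" in fields:
            errors.append((lineno, "expected " + FORMAT))
            continue
        srctype, iface, name = fields[:3]
        channel = None
        if len(fields) == 4:
            # initialchannel is optional, but must be a channel number if given
            if not fields[3].isdigit() or int(fields[3]) == 0:
                errors.append((lineno, "initialchannel must be a positive integer"))
                continue
            channel = int(fields[3])
        if name in seen_names:
            # Assumption: unique names, so each source can be told apart
            errors.append((lineno, "duplicate source name " + repr(name)))
            continue
        seen_names.add(name)
        sources.append({"line": lineno, "type": srctype,
                        "interface": iface, "name": name, "channel": channel})
    if not sources:
        errors.append((0, "no valid source= line defined"))
    return sources, errors


if __name__ == "__main__":
    ok, bad = parse_sources(SAMPLE_CONF)
    for s in ok:
        print("ok   line", s["line"], s)
    for lineno, msg in bad:
        print("FAIL line", lineno, msg)
```

The check does not validate the sourcetype itself; the list of valid sourcetypes is in the kismet README, as the slide notes.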

22 Start screen

23 What does kismet show? List of SSIDs Note: it also shows networks with hidden SSIDs / no beacons - just blank! If a client associates to those, you will also see the SSID.

24 What does kismet show? T = Type:
P = Probe request - no associated connection yet
A = Access point - standard wireless network
H = Ad-hoc - point to point wireless network
T = Turbocell - Turbocell aka Karlnet or Lucent Router
G = Group - Group of wireless networks
D = Data - Data only network with no control packets

25 What does kismet show? W = Encryption. Colour = Network/Client Type:
Yellow = Unencrypted Network
Red = Factory default settings in use!
Green = Secure Networks (WEP, WPA etc.)
Blue = SSID cloaking on / Broadcast SSID disabled

26 kismet - options (Some of the) Options:
c = Show clients in current network
h = Help
i = Detailed info about current network
s = Sort network list
r = Packet rate graph
a = Statistics
p = Dump packet type
Q = Quit

27 kismet - Network info

28 Client info

29 Kismet scan USIU

33 What is etherape? Etherape is not really a security tool, but it gives a very useful quick first view of traffic in your network. For example, in case you have a spam virus in your network, you will see this immediately. It also gives you a good feel for what various applications, such as skype or torrent clients, are doing to your network.

34 etherape screenshot

35 Case: UEW Garnet, port 15715 :)

36 What is wireshark? Wireshark, formerly known as ethereal, is a powerful packet dumping and analyzing program. Extremely nice filtering for fast identification of problems, e.g. specific protocols (e.g. ARP), IP numbers, or keywords

37 wireshark screenshot

39 wireshark for ARP trouble

40 wireshark / demo Offer for LAB!

41 That was it... Thank you! sebastian@less.dk http://wire.less.dk Sebastian Büttrich, wire.less.dk edit: September 2010 http://creativecommons.org/licenses/by-nc-sa/3.0/

